# Copyright (c) 2015 Jordan Turley, CSGO Win Big. All Rights Reserved.
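session_start();
include 'default.php';
include 'SteamAuthentication/steamauth/userInfo.php';
$db = getDB();
# Only an authenticated session may post to the chat.
if (!isset($_SESSION['steamid'])) {
    echo jsonErr('You are not logged in.');
    return;
}
# $_POST['text'] is client-controlled and is an array when the field is sent
# in bracket form. strlen() on an array is a TypeError on PHP 8, so anything
# that is not a string is rejected the same way as a missing field.
$text = isset($_POST['text']) ? $_POST['text'] : null;
if (!is_string($text) || strlen($text) === 0) {
    echo jsonErr('The required text for the message was not sent correctly or was left blank. Please refresh and try again.');
    return;
}
# NOTE(review): the login check reads $_SESSION['steamid'] while the author id
# comes from $steamprofile (presumably filled in by userInfo.php) - confirm both
# always describe the same account.
$steamUserID = $steamprofile['steamid'];
# Check if they are on the blacklist for the chat.
# Ask the database for this one user with a bound parameter instead of loading
# the whole table and comparing with ===, which never matches when the driver
# returns the column as an integer and would silently let a banned user post.
$stmt = $db->prepare('SELECT 1 FROM chatBlacklist WHERE steamId64 = :userid LIMIT 1');
$stmt->bindValue(':userid', $steamUserID);
$stmt->execute();
if ($stmt->fetch() !== false) {
    echo jsonSuccess(array('message' => 'You have been banned from the chat.'));
    return;
}
# The text is stored verbatim (bound, so safe for SQL). It must be HTML-escaped
# wherever it is rendered, and no length limit is enforced here.
$stmt = $db->prepare('INSERT INTO `chat` (`steamUserID`, `text`, `date`, `time`) VALUES (:userid, :text, CURDATE(), CURTIME())');
$stmt->bindValue(':userid', $steamUserID);
$stmt->bindValue(':text', $text);
$stmt->execute();
echo jsonSuccess(array('message' => 'Message has been sent!'));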
 /**
  * Show (GET) or save (non-GET) the settings of one of the current user's projects.
  *
  * The project is looked up by id, owner (DarkAuth id) and live = 1, so a
  * project belonging to someone else is never loaded. On GET the record is
  * put into $this->data and the method returns; otherwise only `enable_state`
  * is written back and a JSON result is echoed before exit.
  *
  * NOTE(review): no request-forgery token check is visible in this method;
  * confirm a component handles it for the state-changing branch.
  *
  * @param mixed $project_id Project id from the route; cast with intval().
  */
 function settings($project_id = null)
 {
     // Edit Project Settings
     $project_id = intval($project_id);
     $this->Project =& ClassRegistry::init('Project');
     $this->Project->contain(array('State.Step' => array('Condition', 'Action')));
     // Ownership is part of the query itself: id + user_id + live.
     $conditions = array('Project.id' => $project_id, 'Project.user_id' => $this->DarkAuth->id, 'Project.live' => 1);
     $project = $this->Project->find('first', compact('conditions'));
     if (empty($project)) {
         // NOTE(review): _Flash() is defined elsewhere; if it does not end the
         // request, execution continues below with an empty $project - confirm.
         $this->_Flash('Unable to find Project', 'mean', '/');
     }
     // Must be my project (repeats the user_id condition of the query above; loose != comparison)
     if ($project['Project']['user_id'] != $this->DarkAuth->id) {
         $this->_Flash('Invalid project chosen', 'mean', $this->referer('/'));
     }
     if ($this->RequestHandler->isGet()) {
         $this->data = $project;
         return;
     }
     // Parse input
     // - type cannot be changed
     // Sanitize is imported but not used in the rest of this method.
     App::import('Sanitize');
     // Build the record from scratch so only these two keys can be written;
     // nothing else from the submitted form reaches save().
     $data = array();
     $data['id'] = $project['Project']['id'];
     $data['enable_state'] = intval($this->data['Project']['enable_state']);
     // Save
     // Second argument false: presumably disables model validation (CakePHP 1.x
     // save($data, $validate, $fieldList)) - confirm. The field list is limited
     // to the keys of $data.
     if (!$this->Project->save($data, false, array_keys($data))) {
         echo jsonError(101, 'Failed saving Project Settings');
         exit;
     }
     echo jsonSuccess('Settings Saved');
     exit;
 }
Пример #3
    if ($itemName[0] === '?') {
        $itemName = substr($itemName, 2);
    }
    $itemPrice = $itemInPot['itemPrice'];
    $itemIcon = $itemInPot['itemIcon'];
    $itemRarityColor = $itemInPot['itemRarityColor'];
    $itemOwnerSteamID = $itemInPot['ownerSteamId64'];
    $steamUserInfo = getSteamProfileInfoForSteamID($usersInfoStr, $itemOwnerSteamID);
    $arr = array('itemID' => $itemID, 'itemSteamOwnerInfo' => $steamUserInfo, 'itemName' => $itemName, 'itemPrice' => $itemPrice, 'itemIcon' => $itemIcon, 'itemRarityColor' => $itemRarityColor);
    array_push($currentPot, $arr);
    $potPrice += $itemPrice;
}
# End time of the running round, or null when there is no current round
$roundEndTime = null;
if (!is_null($currentRound)) {
    $roundEndTime = $currentRound['endTime'];
}
# Newest history row. NOTE(review): fetch() returns false on an empty table
# and the array access below is not guarded against that.
$stmt = $db->query('SELECT * FROM history ORDER BY id DESC');
$mostRecentInHistory = $stmt->fetch();
$mostRecentAllItems = $mostRecentInHistory['allItemsJson'];
# Winner of the previous pot ($prevPot is set outside this excerpt)
$winnerSteamInfo = getSteamProfileInfoForSteamID($usersInfoStr, $prevPot['winnerSteamId64']);
# html_entity_decode() turns entities in the user-chosen Steam display name back
# into raw characters such as < and >, so whatever renders this value must
# escape it again for its output context.
$winnerSteamInfo['personaname'] = html_entity_decode($winnerSteamInfo['personaname']);
# The information for the previous round
$mostRecentGame = array(
    'prevGameID' => $prevPot['id'],
    'winnerSteamInfo' => $winnerSteamInfo,
    'userPutInPrice' => $prevPot['userPutInPrice'],
    'potPrice' => $prevPot['potPrice'],
    'allItems' => $prevPot['allItemsJson'],
);
# The information for the current round, sent as one JSON payload
$data = array(
    'chat' => $chatMessagesArr,
    'pot' => $currentPot,
    'potPrice' => $potPrice,
    'roundEndTime' => $roundEndTime,
    'mostRecentAllItems' => $mostRecentAllItems,
    'mostRecentGame' => $mostRecentGame,
);
echo jsonSuccess($data);
Пример #4
    return;
}
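# Check if user is logged in
if (!isset($_SESSION['steamid'])) {
    echo jsonErr('You are not logged in.');
    return;
}
# FILTER_VALIDATE_URL checks syntax only: any scheme and any host pass, so this
# does not establish that the value is a Steam trade-offer URL.
if (!filter_var($tradeUrl, FILTER_VALIDATE_URL)) {
    echo jsonSuccess(array('valid' => 0, 'errMsg' => 'The provided url was not valid.'));
    return;
}
# parse_url() returns null when the URL has no query string; passing null to
# parse_str() is deprecated on PHP 8.1+, so only parse an actual string.
$query = parse_url($tradeUrl, PHP_URL_QUERY);
$queryArr = array();
if (is_string($query)) {
    parse_str($query, $queryArr);
}
# parse_str() yields an array for a bracketed parameter; strlen() and
# bindValue() both expect a scalar, so anything but a non-empty string is
# rejected.
$tradeToken = isset($queryArr['token']) ? $queryArr['token'] : null;
if (!is_string($tradeToken) || strlen($tradeToken) === 0) {
    echo jsonSuccess(array('valid' => 0, 'errMsg' => 'Your trade token could not be found in the url.'));
    return;
}
# Get steam id
# NOTE(review): a SteamID64 does not fit a 32-bit integer; on a 32-bit PHP build
# intval() would saturate and every user would get the same id - confirm the
# deployment is 64-bit.
$steamUserId = intval($steamprofile['steamid']);
# Convert steam 64 id to steam 32 id
$steam32IdEnd = ($steamUserId - (76561197960265728 + $steamUserId % 2)) / 2;
$steam32IdMid = $steamUserId % 2;
$steam32Id = "STEAM_0:{$steam32IdMid}:{$steam32IdEnd}";
# All values are bound, never interpolated. The token is stored as received
# (no length or character check) and the result of execute() is not inspected.
$stmt = $db->prepare('INSERT INTO users (steamId32, steamId64, tradeToken) VALUES (:id32, :id64, :token)');
$stmt->bindValue(':id32', $steam32Id);
$stmt->bindValue(':id64', $steamUserId);
$stmt->bindValue(':token', $tradeToken);
$stmt->execute();
echo jsonSuccess(array('valid' => 1, 'tradeToken' => $tradeToken));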
Пример #5
<?php

# Copyright (c) 2015 Jordan Turley, CSGO Win Big. All Rights Reserved.
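include 'default.php';
$db = getDB();
# Only the newest row is used, so let the database return just that one.
# PDOStatement::rowCount() is not guaranteed to report the size of a SELECT
# result on every driver; the outcome of fetch() is the reliable signal.
# NOTE(review): no login check is made and SELECT * returns every column of the
# history row to any caller - confirm the endpoint is meant to be public.
$stmt = $db->query('SELECT * FROM history ORDER BY id DESC LIMIT 1');
$mostRecentPot = $stmt->fetch();
if ($mostRecentPot === false) {
    # It is the first ever pot, don't do anything
    echo jsonErr('Don\'t do anything, the current pot is the first one');
    return;
}
echo jsonSuccess($mostRecentPot);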
                throw new Exception('Niekompletne dane.', 400);
            }
            // Validate the message text; 6 and 2048 are presumably the minimum
            // and maximum length accepted by validateString() - confirm.
            $notify_text = validateString('wiadomość', $postVars['notify_text'], 6, 2048);
            $result = $thread->notify($id, $notify_text);
            // $result is joined with commas and used as the To: line, so every
            // recipient can read every other recipient's address. Sending one
            // message per address (or using Bcc) would avoid that disclosure.
            $email_to = implode(',', $result);
            $subject = 'Powiadomienie';
            $message = $notify_text . " \nJeśli nie chcesz otrzymywać wiadomości e-mail, zaloguj się na www.bariery.wroclaw.pl i wycofaj subskrypcję dla zgłoszeń.";
            // The X-Mailer header tells every recipient the exact PHP version.
            $headers = 'From: admin@bariery.wroclaw.pl' . "\r\n" . 'Reply-To: no-reply@bariery.wroclaw.pl' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
            // '@' hides warnings and the return value is ignored, so a failed
            // delivery is neither logged nor reported to the caller.
            @mail($email_to, $subject, $message, $headers);
            // The same list that was used as recipients is returned in the response.
            jsonSuccess($app, $result);
        } catch (Exception $e) {
            jsonError($app, $e);
        }
    });
    // DELETE /id/:id - remove a thread. The validatePrivileges() middleware is
    // given the 'administrator' role, so the handler itself does no role check.
    $app->delete('/id/:id', validatePrivileges(array('administrator')), function ($id) use($app, $thread) {
        try {
            jsonSuccess($app, $thread->delete($id));
        } catch (Exception $failure) {
            // NOTE(review): the whole exception is handed to jsonError(); what
            // it echoes is not visible here - confirm that no internal details
            // reach the client.
            jsonError($app, $failure);
        }
    });
    // DELETE /marker/id/:id - remove a marker, same privilege requirement.
    $app->delete('/marker/id/:id', validatePrivileges(array('administrator')), function ($id) use($app, $thread) {
        try {
            jsonSuccess($app, $thread->deleteMarker($id));
        } catch (Exception $failure) {
            jsonError($app, $failure);
        }
    });
});
Пример #7
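include 'SteamAuthentication/steamauth/userInfo.php';
$db = getDB();
# $_POST values are client-controlled and are arrays when a field is sent in
# bracket form; strlen() on an array is a TypeError on PHP 8, so only a
# non-empty string is accepted.
$tradeUrl = isset($_POST['tradeUrl']) ? $_POST['tradeUrl'] : null;
if (!is_string($tradeUrl) || strlen($tradeUrl) === 0) {
    echo jsonErr('The required field was not sent.');
    return;
}
# Check if user is logged in
if (!isset($_SESSION['steamid'])) {
    echo jsonErr('You are not logged in.');
    return;
}
# FILTER_VALIDATE_URL checks syntax only: any scheme and any host pass, so this
# does not establish that the value is a Steam trade-offer URL.
if (!filter_var($tradeUrl, FILTER_VALIDATE_URL)) {
    echo jsonSuccess(array('valid' => 0, 'errMsg' => 'The provided url was not valid.'));
    return;
}
# parse_url() returns null when there is no query string; passing null to
# parse_str() is deprecated on PHP 8.1+.
$query = parse_url($tradeUrl, PHP_URL_QUERY);
$queryArr = array();
if (is_string($query)) {
    parse_str($query, $queryArr);
}
# A bracketed "token" parameter parses to an array; require a string.
$tradeToken = isset($queryArr['token']) ? $queryArr['token'] : null;
if (!is_string($tradeToken) || strlen($tradeToken) === 0) {
    echo jsonSuccess(array('valid' => 0, 'errMsg' => 'Your trade token could not be found in the url.'));
    return;
}
# Get steam id
# The row to update is chosen from $steamprofile (server side), not from the
# request, so a user can only change their own token.
$steamUserId = intval($steamprofile['steamid']);
$stmt = $db->prepare('UPDATE users SET tradeToken = :token WHERE steamId64 = :id64');
$stmt->bindValue(':id64', $steamUserId);
$stmt->bindValue(':token', $tradeToken);
# NOTE(review): neither the result of execute() nor the affected-row count is
# checked; 'valid' => 1 is reported even when no row matched.
$stmt->execute();
echo jsonSuccess(array('valid' => 1));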
Пример #8
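$desc = postVar('desc');
if (is_null($name) || is_null($email) || is_null($steamProfileLink) || is_null($desc)) {
    echo jsonErr('One of the required fields was left blank or not sent correctly.');
    return;
}
# $email becomes the recipient of the confirmation mail below, so it must be a
# single well-formed address; otherwise this form could be used to send mail to
# arbitrary recipient lists.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo jsonErr('Your email address was not valid.');
    return;
}
# Check steam profile link to make sure it is valid.
# FILTER_VALIDATE_URL accepts any scheme; the link is later placed in an href,
# so only http and https are allowed.
if (!filter_var($steamProfileLink, FILTER_VALIDATE_URL)
    || !in_array(strtolower((string) parse_url($steamProfileLink, PHP_URL_SCHEME)), array('http', 'https'), true)) {
    echo jsonErr('Your steam profile link was not a valid url.');
    return;
}
# Add to support database table.
# `desc` is a reserved word in MySQL and has to be quoted, otherwise the
# statement is a syntax error and the ticket is never stored.
$stmt = $db->prepare('INSERT INTO support (name, email, steamProfileLink, `desc`, date, time) VALUES (:name, :email, :steamProfileLink, :desc, CURDATE(), CURTIME())');
$stmt->bindValue(':name', $name);
$stmt->bindValue(':email', $email);
$stmt->bindValue(':steamProfileLink', $steamProfileLink);
$stmt->bindValue(':desc', $desc);
$stmt->execute();
# Send email to our email (plain text, no custom headers, so the submitted
# values only ever appear in the body)
$to = '*****@*****.**';
$subject = 'Support Ticket Submitted';
$message = "A support ticket has been sent.\n\nName: {$name}\nEmail: {$email}\nProfile link: {$steamProfileLink}\nDescription: {$desc}";
mail($to, $subject, $message);
# Send email to user confirming their support ticket.
# This message is HTML, so every submitted value is escaped first; the charset
# matches the Content-type header below.
$htmlName = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
$htmlEmail = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');
$htmlLink = htmlspecialchars($steamProfileLink, ENT_QUOTES, 'ISO-8859-1');
$htmlDesc = htmlspecialchars($desc, ENT_QUOTES, 'ISO-8859-1');
$subject = 'Support ticket received';
$message = "Hi, we have received your support ticket, with the following information:\n\t<br><br>\n\tYour name: {$htmlName}\n\t<br>\n\tYour email: {$htmlEmail}\n\t<br>\n\tYour Steam profile link: <a href=\"{$htmlLink}\">{$htmlLink}</a>\n\t<br>\n\tYour message: {$htmlDesc}\n\t<br><br>\n\tYou can expect an email response about this issue within the next 24 to 48 hours.";
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: CSGO Win Big <*****@*****.**>";
# NOTE(review): no login check or rate limit is visible in this excerpt; each
# request sends two mails, one of them to an address chosen by the requester.
mail($email, $subject, $message, $headers);
echo jsonSuccess(array('message' => 'Your support ticket was submitted successfully! Check your email for a confirmation.'));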
Пример #9
<?php

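include 'default.php';
$db = getDB();
# Get bot inventory
$bot64Id = '76561198276749537';
# The remote call can fail or return something that is not the expected JSON.
# Check both steps so PHP warnings are not printed into the JSON response and
# a failure is reported instead of a success with an empty inventory.
$inventoryJson = file_get_contents("https://steamcommunity.com/profiles/{$bot64Id}/inventory/json/730/2");
$botInventory = $inventoryJson === false ? null : json_decode($inventoryJson, true);
if (!is_array($botInventory) || !isset($botInventory['rgInventory'])) {
    echo jsonErr('The bot inventory could not be loaded.');
    return;
}
$rgInventory = $botInventory['rgInventory'];
# Get current pot
# NOTE(review): no login check is made; the bot inventory and every column of
# currentPot are returned to any caller - confirm that is intended.
$stmt = $db->query('SELECT * FROM currentPot');
$currentPot = $stmt->fetchAll();
echo jsonSuccess(array('rgInventory' => $rgInventory, 'currentPot' => $currentPot));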
Пример #10
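# NOTE(review): $sql is built outside this excerpt; confirm it contains no
# request data, since query() runs it as-is.
$stmt = $db->query($sql);
$allRounds = $stmt->fetchAll();
# Collect the winner id of every round for one profile lookup
$allUserSteam64Ids = array();
foreach ($allRounds as $round) {
    $id = $round['winnerSteamId64'];
    array_push($allUserSteam64Ids, $id);
}
$allUserSteam64IdsStr = join(',', $allUserSteam64Ids);
$apiKey = getSteamAPIKey();
# The API key travels in the query string, so the request must use https;
# over plain http the key is readable by anyone on the network path. Keep this
# URL out of logs and error output for the same reason.
# NOTE(review): the result of file_get_contents() is not checked for false.
$usersInfoStr = file_get_contents("https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={$apiKey}&steamids={$allUserSteam64IdsStr}");
$roundsArr = array();
$count = 0;
foreach ($allRounds as $round) {
    # Rounds without stored items are skipped and do not count
    if (strlen($round['allItemsJson']) === 0) {
        continue;
    }
    # Ten rounds are enough; stop instead of walking the rest of the history
    if ($count === 10) {
        break;
    }
    $count++;
    $id = $round['id'];
    $winnerSteamId64 = $round['winnerSteamId64'];
    $winnerInfo = getSteamProfileInfoForSteamID($usersInfoStr, $winnerSteamId64);
    $userPutInPrice = $round['userPutInPrice'];
    $potPrice = $round['potPrice'];
    $allItemsJson = $round['allItemsJson'];
    $arr = array('id' => $id, 'winnerInfo' => $winnerInfo, 'userPutInPrice' => $userPutInPrice, 'potPrice' => $potPrice, 'allItemsJson' => $allItemsJson);
    array_push($roundsArr, $arr);
}
echo jsonSuccess(array('rounds' => $roundsArr));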
Пример #11
 /**
  * Log the caller out and return a JSON success response.
  *
  * The token is taken from the request's `token` input and passed to the
  * auth guard's logout().
  * NOTE(review): if clients send the token in the query string it can end up
  * in access logs and browser history - confirm how it is transmitted.
  */
 public function logout()
 {
     $token = request()->get('token');
     auth()->logout($token);

     return jsonSuccess('退出成功', '200');
 }
Пример #12
<?php

include 'default.php';
# Both fields are required; postVar() is defined elsewhere (default.php, presumably).
$name = postVar('name');
$price = postVar('price');
$fieldMissing = is_null($name) || is_null($price);
if ($fieldMissing) {
    echo jsonErr('One of the required fields was not sent successfully.');
    return;
}
# The submitted values are placed in the mail body only; recipient and subject
# are fixed and no extra headers are passed.
# NOTE(review): no login check or rate limit is visible here, so every request
# produces one mail to the support inbox.
$to = '*****@*****.**';
$subject = 'Item Price Change Ticket';
$message = "An item price change ticket has been submitted.\nName: {$name}\nPrice: {$price}";
mail($to, $subject, $message);
$reply = array('message' => 'Your ticket has successfully been submitted. Thank you!');
echo jsonSuccess($reply);
 /**
  * Change the order of an Action and optionally move it to another Step.
  *
  * Only non-GET requests are processed. The Action must be live and its
  * Step -> State -> Project chain must belong to the current user (DarkAuth id);
  * when a different step is requested, that Step is checked the same way
  * before the Action is reassigned.
  *
  * NOTE(review): no request-forgery token check is visible in this method;
  * confirm a component handles it.
  *
  * @param mixed $action_id Action id; cast with intval().
  * @param mixed $order     New order value; cast with intval(), no range check.
  * @param mixed $step_id   Target Step id; cast with intval().
  */
 function move($action_id = null, $order = null, $step_id = null)
 {
     // Move a Action somewhere
     $action_id = intval($action_id);
     $order = intval($order);
     $step_id = intval($step_id);
     // Only used when moving to a new Step
     // Re-order every element (right?)
     if ($this->RequestHandler->isGet()) {
         echo jsonError(101, 'Expecting POST');
         exit;
     }
     // Get Action
     $this->Action =& ClassRegistry::init('Action');
     $this->Action->contain(array('Step.State.Project'));
     $conditions = array('Action.id' => $action_id, 'Action.live' => 1);
     $action = $this->Action->find('first', compact('conditions'));
     if (empty($action)) {
         // NOTE(review): _Flash() is defined elsewhere; if it does not end the
         // request, the ownership check below runs on an empty $action - confirm.
         $this->_Flash('Unable to find Action', 'mean', $this->referer('/'));
     }
     // Must be my Action (ownership is resolved through Step -> State -> Project; loose != comparison)
     if ($action['Step']['State']['Project']['user_id'] != $this->DarkAuth->id) {
         $this->_Flash('Not your Action', 'mean', $this->referer('/'));
     }
     // Moving Steps?
     $this->Step =& ClassRegistry::init('Step');
     if ($step_id != $action['Action']['step_id']) {
         // Validate the new step
         $this->Step->contain(array('State.Project'));
         $conditions = array('Step.id' => $step_id, 'Step.live' => 1);
         $step = $this->Step->find('first', compact('conditions'));
         // Step Exists?
         if (empty($step)) {
             echo jsonError(101, 'Not in a step');
             exit;
         }
         // My Step? The target must belong to the same user, otherwise an
         // Action could be moved into someone else's project.
         if ($step['State']['Project']['user_id'] != $this->DarkAuth->id) {
             echo jsonError(101, 'Not your Step');
             exit;
         }
         $action['Action']['step_id'] = $step['Step']['id'];
     }
     $action['Action']['order'] = $order;
     // The whole loaded Action record is saved without a field list and the
     // return value is not checked, so success is reported even if save() fails.
     $this->Action->save($action['Action']);
     echo jsonSuccess();
     exit;
 }
    echo json_encode(array('type' => 'error', 'message' => $errorMessage));
    exit;
}
/**
 * Print a success response as JSON and end the request.
 *
 * @param mixed $message     Text placed under the "message" key.
 * @param array $seatChanges Entries placed under the "seatChanges" key.
 */
function jsonSuccess($message, array $seatChanges)
{
    $payload = array(
        'type' => 'success',
        'message' => $message,
        'seatChanges' => $seatChanges,
    );
    echo json_encode($payload);
    exit;
}
// Guards. The jsonError() calls below take one message argument; the visible
// tail of the function just above echoes the payload and exits.
if (!Session::isLoggedIn()) {
    jsonError('You are not logged in!');
}
$status = getSignupStatus(Session::getUser()->getId(), $event['id']);
// Only these signup states may pick a seat. in_array() is used without the
// strict flag on purpose, to keep the loose comparison of the != chain.
$seatEligibleStatuses = array('PAID', 'CONFIRMED', 'PAYPAL_WAITING', 'STAFF');
if (!in_array($status, $seatEligibleStatuses)) {
    jsonError("You haven't paid for a ticket!");
}
// NOTE(review): the occupancy check and setUserInSeat() further down are
// separate calls; unless the helpers lock or the table has a unique
// constraint, two concurrent requests can both pass this check for one seat.
if (getUserInSeat($event['id'], $seat)) {
    jsonError("That seat is already occupied!");
}
// Report every seat the user currently holds as deleted, then release them
$seatChanges = array();
foreach (getSeatForUser($event['id']) as $heldSeat) {
    $seatChanges[] = getJsonSeatChange('delete', $heldSeat['seat'], Session::getUser()->getUsername());
}
deleteSeatsForUser($event['id']);
// Claim the requested seat and report it
setUserInSeat($event['id'], $seat);
$seatChanges[] = getJsonSeatChange('set', $seat, Session::getUser()->getUsername());
jsonSuccess('Seat selected!', $seatChanges);
?>


Пример #15
        break;
    // List requests. The 'find' field is re-encoded with win1251() and the
    // whole $_POST array is handed to zayav_spisok().
    // NOTE(review): how zayav_spisok() filters those values is not visible
    // here - confirm it does not place them into SQL unescaped.
    case 'zayav_spisok':
        $_POST['find'] = win1251($_POST['find']);
        $data = zayav_spisok($_POST);
        if ($data['filter']['page'] == 1) {
            $send['all'] = utf8($data['result']);
        }
        $send['spisok'] = utf8($data['spisok']);
        jsonSuccess($send);
        break;
    // Change the status of one request and record the change in the history.
    case 'zayav_status':
        // Both SQL statements below are built by string concatenation, so
        // their safety rests entirely on _num().
        // NOTE(review): _num() presumably returns a positive integer or a
        // falsy value - confirm; bound parameters would remove the dependency.
        // jsonError() presumably ends the request; if it returns, execution
        // continues past each failed check.
        if (!($zayav_id = _num($_POST['zayav_id']))) {
            jsonError();
        }
        // The new status is only required to be numeric; it is not compared
        // with a list of allowed status values here.
        if (!($zayav_status = _num($_POST['status']))) {
            jsonError();
        }
        // The lookup is scoped to the current workspace (WS_ID) and to rows
        // that are not deleted.
        $sql = "SELECT * FROM `zayav` WHERE `ws_id`=" . WS_ID . " AND !`deleted` AND `id`=" . $zayav_id;
        if (!($z = query_assoc($sql))) {
            jsonError();
        }
        // Nothing to do when the status is unchanged
        if ($z['status'] == $zayav_status) {
            jsonError();
        }
        // The UPDATE filters on `id` only; the workspace restriction comes
        // solely from the SELECT above. Repeating the `ws_id` condition here
        // would keep the statement safe on its own.
        $sql = "UPDATE `zayav`\n\t\t\t\tSET `status`=" . $zayav_status . ",\n\t\t\t\t\t`status_dtime`=CURRENT_TIMESTAMP\n\t\t\t\tWHERE `id`=" . $zayav_id;
        query($sql);
        // History entry keeps the old (v1) and new (v2) status
        _history(array('type_id' => 71, 'client_id' => $z['client_id'], 'zayav_id' => $zayav_id, 'v1' => $z['status'], 'v2' => $zayav_status));
        jsonSuccess();
        break;
}
jsonError();
 /**
  * Soft-delete a Condition (set live = 0) after an ownership and code check.
  *
  * Currently disabled: the method exits on its first statement, so nothing
  * below that line runs. The notes further down apply if it is re-enabled.
  *
  * @param mixed $condition_id Condition id; cast with intval().
  * @param mixed $code         Confirmation code; passed through Sanitize::paranoid().
  */
 function remove($condition_id = null, $code = null)
 {
     // Remove a step
     // NOT WORKING!!
     // Unconditional exit: everything after this line is unreachable.
     exit;
     $condition_id = intval($condition_id);
     App::import('Sanitize');
     $code = Sanitize::paranoid($code);
     // Get Condition
     $this->Condition =& ClassRegistry::init('Condition');
     $this->Condition->contain(array('Step.State.Project'));
     $conditions = array('Condition.id' => $condition_id, 'Condition.live' => 1);
     $condition = $this->Condition->find('first', compact('conditions'));
     if (empty($condition)) {
         // NOTE(review): _Flash() is defined elsewhere; if it does not end the
         // request, the checks below run on an empty $condition - confirm.
         $this->_Flash('Unable to find Condition', 'mean', $this->referer('/'));
     }
     // Must be my Condition (ownership is resolved through Step -> State -> Project)
     if ($condition['Step']['State']['Project']['user_id'] != $this->DarkAuth->id) {
         $this->_Flash('Not your Condition', 'mean', $this->referer('/'));
     }
     // Verify Code
     // The expected code is an unkeyed md5 of a fixed string and the record id,
     // so it contains no secret and gives no protection beyond knowing the id.
     // A per-session random token or an HMAC with a server-side key would.
     $expected_code = md5('test' . $condition['Condition']['id'] . 'test');
     // Loose != on hex digests: two numeric-looking strings are compared as
     // numbers. hash_equals() compares them as strings and in constant time.
     if ($code != $expected_code) {
         $this->_Flash('Codes did not match', 'mean', $this->referer('/'));
     }
     // Move to live=0
     $condition['Condition']['live'] = 0;
     // Re-order
     // - necessary? Just keep deleting (original author's open question)
     // Only `id` and `live` are written (field list).
     if (!$this->Condition->save($condition['Condition'], false, array('id', 'live'))) {
         $this->_Flash('Failed removing Condition', 'mean', null);
         return;
     }
     // Changes saved
     echo jsonSuccess();
     exit;
     // Unreachable: follows the exit above.
     $this->_Flash('Changes saved', 'nice', $this->referer('/'));
 }